Re: Mysql insert problems

Hi

Whilst you are searching the net, you might also want to search for 'sql 
injection'.  This is no joke!

Please use the mysql_escape_string on each variable you get from the user 
side.

In your example

$Email = mysql_escape_string($_POST['Email']);
$Phonenumber = mysql_escape_string($_POST['Phonenumber']);

etc

There are some issues when magic quotes are turned on but you can implement a 
hack that corrects any consequences of that (stripslashes).


Andy






-- 
Registered Linux User Number 379093
--
Check out these few php utilities that I released
 under the GPL2 and that are meant for use with a 
 php cli binary:
 
 http://www.vlaamse-kern.com/sas/
-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
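
The magic quotes issue mentioned in the message above, as an added example that is not part of the original post: with magic_quotes_gpc on, the value has already been through addslashes(), so it must be passed through stripslashes() before it is escaped or bound, otherwise a stray backslash is stored. The example swaps mysql_escape_string for PDO bound parameters and assumes an in-memory SQLite database so it runs offline; the contacts table and the helper names are hypothetical.

```php
<?php
// Added example: helper names, table name and sample input are constructed.

// Return the value as the browser sent it. When magic_quotes_gpc is on,
// PHP has already applied addslashes(), so undo it exactly once.
// get_magic_quotes_gpc() was removed in PHP 8, hence the function_exists() guard.
function raw_input_value(array $src, string $key, ?bool $magicQuotes = null): string
{
    if ($magicQuotes === null) {
        $magicQuotes = function_exists('get_magic_quotes_gpc') && get_magic_quotes_gpc();
    }
    $value = isset($src[$key]) ? (string) $src[$key] : '';
    return $magicQuotes ? stripslashes($value) : $value;
}

// Insert with bound parameters: user data never becomes part of the SQL text.
function insert_contact(PDO $db, string $email, string $phone): void
{
    $stmt = $db->prepare(
        'INSERT INTO contacts (Email, Phonenumber) VALUES (:email, :phone)'
    );
    $stmt->execute([':email' => $email, ':phone' => $phone]);
}

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE contacts (Email TEXT, Phonenumber TEXT)');

// Constructed input: a legitimate address that contains a single quote.
$sent = ['Email' => "o'brien@example.com", 'Phonenumber' => '555-0100'];

// What $_POST would hold with magic_quotes_gpc on (simulated with addslashes).
$post = array_map('addslashes', $sent);

// Row 1: magic-quoted value stored without correction.
insert_contact($db, $post['Email'], $post['Phonenumber']);

// Row 2: magic quotes undone first, then bound.
insert_contact(
    $db,
    raw_input_value($post, 'Email', true),
    raw_input_value($post, 'Phonenumber', true)
);

// Print both stored addresses so the difference is visible.
foreach ($db->query('SELECT Email FROM contacts') as $row) {
    echo $row['Email'], PHP_EOL;
}
```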